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DETAILED ACTION 

1. Claims 1-24 have been presented for examination. Claims 4, 7, 9, 11 ? 14, 17, 19, 21, 23, 
and 24 have been amended in an amendment filed 03/18/2004. Claims 1-24 have been 
examined. 



Response to Arguments 

2. Applicant's arguments, see Paper No. 7, page 12, lines 9-23 and page 13, lines 1-21, filed 
03/18/2004, with respect to the rejections of claims 1-3 under 35 U.S.C. 102(b) have been fully 
considered and are persuasive. Therefore, the rejections have been withdrawn. However, upon 
further consideration, new grounds of rejection is made in view of Terao et al., U.S. Patent 
Application Publication No. US 2003/0097567 Al in view of Hayashida, U.S. Patent No. 
5,644,1 1 8 A and further in view of Stambler, U.S. Patent No. 5,793,302 A. 

3. Applicant's arguments, see Paper No. 7, page 15, lines 19-23, filed 03/18/2004, with 
respect to the rejection of claim 5 under 35 U.S.C. 102(b) have been fully considered and are 
persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, 
a new ground of rejection is made in view of Terao et al., U.S. Patent Application Publication 
No. US 2003/0097567 Al in view of Hayashida, U.S. Patent No. 5,644,1 1 8 A. 

4. Applicant's arguments, see Paper No. 7, page 15, lines 19-23, filed 03/18/2004, with 
respect to claim 6 have been fully considered and are persuasive. The rejection of claim 6 has 
been withdrawn. 

5. Applicant's arguments, see Paper No. 7, page 16, lines 6-14, filed 03/18/2004, with 
respect to the rejection of claim 10 under 35 U.S.C. 103(a) have been fully considered and are 
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persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, 
a new ground of rejection is made in view of Terao et al., U.S. Patent Application Publication 
No. US 2003/0097567 Al in view of Hayashida, U.S. Patent No. 5,644,118 A and further in 
view of Harkins, U.S. Patent No. 6,151,395 A. 

6. The indicated allowable subject matter of claims 4 and 9 is withdrawn in view of the 
newly discovered references to Terao et al., U.S. Patent Application Publication No. US 
2003/0097567 Al in view of Hayashida, U.S. Patent No. 5,644,1 18 A. Rejections based on the 
newly cited reference follow. 

Claim Objections 

7. Claim 1 is objected to because of the following informalities: insert after "terminal;" in 
line 6, -and—. Appropriate correction is required. 

8. Claim 4 is objected to because of the following informalities: insert after "terminal;" in 
line 9, -and—. Appropriate correction is required. 

9. Claim 7 is objected to because of the following informalities: insert after "terminal;" in 
line 8, -and—. Appropriate correction is required. 

10. Claim 1 1 is objected to because of the following informalities: insert after "code;" in line 

7, -and—. Appropriate correction is required. 

1 1 . Claim 14 is objected to because of the following informalities: insert after "code;" in line 
9, —and—. Appropriate correction is required. 

12. Claim 17 is objected to because of the following informalities: insert after "code;" in line 

8, -and—. Appropriate correction is required. 
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Claim Rejections - 35 USC § 102 
13. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 



Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

15. Claims 1, 2, and 5; 4 and 9; are rejected under 35 U.S.C. 102(e) as anticipated by or, in 
the alternative, under 35 U.S.C. 103(a) as obvious over Terao et al., U.S. Patent Application 
Publication No. US 2003/0097567 Al in view of Hayashida, U.S. Patent No. 5,644,1 18 A. 



As per claim 1, Terao et al. illustrate a method for authenticating a first terminal to a 
second terminal (see ]f1 [01 16]-[01 18]; figure 4; authentication of a proof data generation device 
to a proof data verification device) comprising: 

requesting a string from a second terminal (see | [0137]; requesting the opening of 
communication in accordance of a predetermined procedure; see \ [0140]; figures 3 and 4; 
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resulting in authentication data m in the form of a string being transmitted from the proof data 
verification device to the proof data generation device); 

obtaining the requested string from the second terminal (see f [0140]; figures 3 and 4; 
resulting in authentication data m being transmitted from the proof data verification device to the 
proof data generation device); and 

merging the obtained string with a password to create an identification code (see fflf 
[0153]-[0154]; figure 4; calculating an expression V from; see fflf [0148]-[0149]; figure 3, items 
1 1 1, 1 12, 1 13, and 1 15; a result from performing a calculation using the authentication data m 
and; see [0145]-[0146]; figure 3, items 111, 112, and 113; and an expression based on user 
unique identifying information e; see If [0123]; figure 3, item 1 12; where user unique identifying 
information e is different for each user like a password); and 

receiving an authentication if the identification code matches an identification code 
expected at the second terminal (see ^ [0158]; figure 4; verification is effected correctly when 
values V and V coincide). 

Although Terao et al. suggest that the above method of authenticating can be used to 
ATMs as a first terminal in a bank (see % [0105]), they do not explicitly teach sending 
information from an information server to the first terminal. However, this step is deemed to be 
inherent to the method of Terao et al. because an ATM in a bank would not function if 
information was not sent to it from an information server. Because this missing descriptive 
matter is necessarily present to cause the method to function and because persons of ordinary 
skill in the art would recognize this necessary presence, the inherency of this missing step is 
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sufficiently established. See MPEP § 21 12 and In re Roberston, 169 F.3d 743, 745, 49 USPQ2d 
1949, 1950-51 (Fed. Cir. 1999). 
Hayashida illustrates: 

receiving an authentication if a personal identification code matches a personal 
identification code expected at a second terminal (see column 10, lines 46-49; figure 8 A, step 
733; the ATM terminal unit judges the personal identification code to be valid); 

sending information from an information server to the first terminal (see column 10, lines 
54-67; column 11, lines 1-2; figure 1, items 1, 2, and 3; figure 2, item 21; figure 8 A, steps 741 
and 742; the bank center device withdraws the replenishing amount from the deposit account and 
sends it through the ATM terminal unit to the multi-function IC card). 

Therefore, it would have been obvious to one of ordinary skill in the computer art at the 
time the invention was made to combine the method of Terao et al. with the sending of 
information from an information server to the first terminal of Hayashida to apply the method of 
Terao et al. to ATMs in a bank (see Terao et al., f [0105]). 

As per claim 2, Terao et al. further point out: 

that the string a pseudo random number sequence (see | [0139]; figure 2, items 10, 103 
and 104; figure 4; a random number generated by the random number generation unit is stored as 
authentication data m into the authentication data memory unit in the proof data verification 
device). 



As per claim 5, Terao et al. additionally teaches: 
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performing a block addition of the string and the password (see [0148]-[0149]; figure 
3, items 11,111,113, and 115; equation (1-8); the proof data generation unit in the proof 
generation device combines the authentication data m with the data generated in the exponent 
generation unit; see [0145]-[0146]; figure 3, items 1 1, 1 1 1, 1 12, and 1 13; equation (1-7); 
which consists of the unique user identifying information e). 

As per claim 4, Terao et al. illustrate a method for authenticating a first terminal to a 
second terminal (see fflf [01 16]-[01 18]; figure 4; authentication of a proof data generation device 
to a proof data verification device) comprising: 

requesting a string from a second terminal (see [0137]; requesting the opening of 
communication in accordance of a predetermined procedure; see ^ [0140]; figures 3 and 4; 
resulting in authentication data m in the form of a string being transmitted from the proof data 
verification device to the proof data generation device); 

obtaining the requested string from the second terminal (see f [0140]; figures 3 and 4; 
resulting in authentication data m being transmitted from the proof data verification device to the 
proof data generation device); and 

merging the obtained string with a password to create an identification code (see Tfff 
[0153]-[0154]; figure 4; calculating an expression V from; see 1fff [0148]-[0149]; figure 3, items 
1 1 1, 1 12, 1 13, and 1 15; a result from performing a calculation using the authentication data m 
and; see Iflj [0145]-[0146]; figure 3, items 111,112, and 1 13; and an expression based on user 
unique identifying information e; see If [0123]; figure 3, item 1 12; where user unique identifying 
information e is different for each user like a password), comprising 
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using an applet at the first terminal (see f [0094]; figure 1, item 11; where the proof 
generation device is a proof program on the user's computer; see ^ [0137]; figure 1, item 10; 
starting the proof data verification device in response to a TCP connection request from the 
user's computer) executing an encryption algorithm with a unique merging key (see If [0121]; 
figure 2, item 101 ; where q, G, Y, P, and n represent the public key stored in the access ticket 
public key memory unit; see fflf [0145-149]; figure 2, items 1 1 1, 1 12, 1 13, and 115; and stored in 
the authentication data memory unit and combined with the user unique identifying information 
e in a public key encryption algorithm); and 

receiving an authentication if the identification code matches an identification code 
expected at the second terminal (see | [0158]; figure 4; verification is effected correctly when 
values V and V coincide). 

Although Terao et al. suggest that the above method of authenticating can be used to 
ATMs as a first terminal in a bank (see | [0105]), they do not explicitly teach sending 
information from an information server to the first terminal. However, this step is deemed to be 
inherent to the method of Terao et al. because an ATM in a bank would not function if 
information was not sent to it from an information server. Because this missing descriptive 
matter is necessarily present to cause the method to function and because persons of ordinary 
skill in the art would recognize this necessary presence, the inherency of this missing step is 
sufficiently established. See MPEP § 21 12 and In re Roberston, 169 F.3d 743, 745, 49 USPQ2d 
1949, 1950-51 (Fed. Cir. 1999). 

Hayashida illustrates: 
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receiving an authentication if a personal identification code matches a personal 
identification code expected at a second terminal (see column 10, lines 46-49; figure 8A, step 
733; the ATM terminal unit judges the personal identification code to be valid); 

sending information from an information server to the first terminal (see column 10, lines 
54-67; column 11, lines 1-2; figure 1, items 1, 2, and 3; figure 2, item 21; figure 8 A, steps 741 
and 742; the bank center device withdraws the replenishing amount from the deposit account and 
sends it through the ATM terminal unit to the multi-function IC card). 

Therefore, it would have been obvious to one of ordinary skill in the computer art at the 
time the invention was made to combine the method of Terao et al. with the sending of 
information from an information server to the first terminal of Hayashida to apply the method of 
Terao et al. to ATMs in a bank (see Terao et al., ^ [0105]). 

As per claim 9, Terao et al. further describe: 

closing the applet (see 1 [0158]; verification is effected for the completed calculations of 
V and V) after sending the encrypted data (see fflf [0149]-[0151]; figure 2, items 11,10, and 
105; sending s resulting from the encryption algorithm to the proof data verification device) and 
thereby invalidating the string (see [0139]; figure 2, items 10 and 103; generating 
authentication data m so as to take a different value at every generation and each use of the 
verification procedure). 

16. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Terao et al., U.S. 
Patent Application Publication No. US 2003/0097567 Al in view of Hayashida, U.S. Patent No. 
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5,644,1 18 A as applied to claim 1 above, and further in view of Stambler, U.S. Patent No. 
5,793,302 A. 

Terao et al. in view of Hayashida disclose the method of claim 1 . Although Terao et al. 
describe that authentication data m is generated so as to take a different value at every generation 
for a communication session (see ^ [0139]), neither Terao et al. nor Hayashida teaches that the 
string is an element of an ordered series. Stambler describes that the string is an element of an 
ordered series (see column 8, lines 4-9; the coded PIN (CPIN) is codes with the transmission 
date and time). Therefore, it would have been obvious to one of ordinary skill in the computer 
art at the time the invention was made to combine the method of Terao et al. in view of 
Hayashida with the string as an element of an ordered series of Stambler to prevent a replay 
attack with a previously used string (see column 7, lines 63-67; column 8, lines 1-4; coding a 
transmission date and time to prevent the signal from being recorded and then played back later 
to attempt to fraudulently authenticate a fraudulent transaction). 

17. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Terao et al., U.S. 
Patent Application Publication No. US 2003/0097567 Al in view of Hayashida, U.S. Patent No. 
5,644,1 18 A as applied to claim 1 above, and further in view of Harkins, U.S. Patent No. 
6,151,395 A. 

Terao et al. in view of Hayashida show the method of claim 1. Although Terao et al. 
describe that authentication data m is generated so as to take a different value at every generation 
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for a communication session (see | [0139]), neither Terao et al. nor Hayashida teaches that the 
string is an element of an ordered series. Harkins elaborates opening another communications 
session using a string that is an element of an ordered series in which the string of the prior 
communications session is the preceding element of the same ordered series (see column 4, lines 
32-46; column 9, lines 32-67; column 10, lines 1-6; and figures 6A and 6B; communications 
sessions between a party A and B where a key is incremented by one for successive sessions). 
Therefore, it would have been obvious to one of ordinary skill in the computer art at the time the 
invention was made to combine the method for authenticating a first terminal to a second 
terminal of Terao et al. in view of Hayashida with the incrementing of the key by one for 
successive communication session of Harkins so that an authorized law enforcement officer 
(LEO) may decrypt and inspect the encrypted messages involved in a desired communication 
session (see column 10, lines 7-10). 



Allowable Subject Matter 

1 8. Claim 6 would be allowable if rewritten to overcome the objection, set forth in this Office 
action and to include all of the limitations of the base claim and any intervening claims. 

19. Claims 7 and 8; 11-13, 15, 16, and 20; 14 and 19; and 17 and 18 would be allowable if 
rewritten or amended to overcome the objections set forth in this Office action. 

20. Claims 2 1 -24 are allowed. 

21 . The following is a statement of reasons for the indication of allowable subject matter: 
Claim 6 is drawn to a method for authenticating a first terminal to a second terminal. The 

closest prior art, Terao et al, U.S. Patent Application Publication No. US 2003/0097567 Al in 
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view of Hayashida, U.S. Patent No. 5,644,1 18 A and further in view of Leith et al, U.S. Patent 
No. 5,196,840 A, disclose a similar method. Although Leith et al. embody adding randomness to 
different combinations of the PIN (see column 1 1, lines 15-41 and figure 9), none of these - 
inventors neither teach nor suggest performing a block addition of a permutated string and 
permutated password. This distinct step incorporated into dependent claim 6 renders claim 6 to 
have allowable subject matter. 

Claims 4 and 9; and 14 and 19 are drawn to methods of authenticating a first terminal to a 
second terminal, respectively. The closest prior art, Stambler, U.S. Patent No. 5,793,302 A, 
discloses similar methods. However, Stambler neither shows nor motivates merging a string 
with a password using an applet at the first terminal, executing an encryption algorithm with a 
unique merging key. This composite step explicitly recited in intervening claims 4 and 14 
renders claims 4 and 9; and 14 and 19, respectively, to have allowable subject matter. 

Claims 7 and 8 are drawn to methods of authenticating a first terminal to a second 
terminal, respectively. The closest prior art, Terao et al., U.S. Patent Application Publication No. 
US 2003/0097567 Al in view of Hayashida, U.S. Patent No. 5,644,1 18 A, discloses a similar 
method. However, none of these inventors depicts nor suggests obtaining the requested string by 
receiving a web page containing a program for generating requests and the string. This distinct 
step explicitly recited in independent claim 7 renders claims 7 and 8 to have allowable subject 
matter. 

Claims 11-13, 15, 16, and 20; 14 and 19; and 17 and 18 are drawn to methods of 
authenticating a first terminal to a second terminal, respectively. The closest prior art, Terao et 
al., U.S. Patent Application Publication No. US 2003/0097567 Al, describe similar methods. 
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Terao et al. illustrate a method for authenticating a first terminal to a second terminal (see 
1fl[ [01 16]-[01 18]; figure 4; authentication of a proof data generation device to a proof data 
verification device), comprising: 

creating a string (see f [0139]; figure 2, items 103 and 104; generating authentication 
data m) and storing it in association with an identification of a first terminal (see ff [0139]- 
[0140]; figure 2, items 101, 103, and 104; storing the authentication data m in the access ticket 
public key memory unit; see fflf [0123]-[0125]; with the access ticket, t, in association with the 
user unique identifying information, e); 

sending the string to the first terminal (see f [0140]; figure 4; sending the authentication 
data m to the proof data generation device); and 

receiving an identification code from the first terminal (see f [0140]; figure 4; the proof 
data generation device sending s to the proof data verification device) composed by merging the 
sent string with a sender password (see Iff [0148]-[0149]; figure 3, items 1 1 1, 1 12, 1 13, and 115; 
a result from performing a calculation using the authentication data m and; see ff [0145]-[0146]; 
figure 3, items 111, 112, and 113; and an expression based on user unique identifying 
information e; see f [0123]; figure 3, item 1 12; where user unique identifying information e is 
different for each user like a password). 

Although Terao et al. describe calculating another value with received authentication 
code (see Iff [0153]-[0154]; figure 4; calculating an expression V from s) and comparing this 
value with an expected value for authenticating the first terminal (see f [01 58]; figure 4; 
verification is effected correctly when values V and V coincide), they neither teach nor suggest 
comparing the received identification code with an expected identification code. This particular 
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step explicitly recited in independent claims 1 1, 14, and 17 renders claims 1 1-13, 15, 16, and 20; 
14 and 19; and 17 and 18 to have allowable subject matter, respectively. 
22. The following is an examiner's statement of reasons for allowance: 

Claims 21 and 22; 23; and 24 are drawn to authentication terminals, respectively. The 
closest prior art, Terao et al., U.S. Patent Application Publication No. US 2003/0097567 Al, 
describe similar authentication terminals. 

Terao et al. depict an authentication terminal comprising: 

a merge string library coupled to a processor to create a merge string and (see If [0139]; 
figure 2, items 103 and 104; a random number generation unit generating authentication data m) 
and to store it in association with an identification of a first terminal (see [0139]-[0140]; 
figure 2, items 101, 103, and 104; storing the authentication data m in the access ticket public 
key memory unit; see fflf [0123]-[0125]; with the access ticket, t, in association with the user 
unique identifying information, e); 

an output device to send the merge string to the second terminal (see | [0140]; figure 4; 
the authentication data memory unit sending the authentication data m to the proof data 
generation device); and 

an input device to receive an identification code from the second terminal (see f [0140]; 
figure 4; the proof data generation device sending s to the authentication data memory unit of the 
proof data verification device) being composed by merging the sent string with a second terminal 
password (see fflf [0148]-[0149]; figure 3, items 1 1 1, 1 12, 1 13, and 1 15; a result from performing 
a calculation using the authentication data m and; see Iflf [01 45]- [01 46]; figure 3, items 111,112, 
and 113; and an expression based on user unique identifying information e; see ^ [0123]; figure 
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3, item 112; where user unique identifying information e is different for each user like a 
password). 

Although Terao et al. describe a verification computation unit calculating another value 
with received authentication code (see [0153]-[0154]; figure 4; calculating an expression V 
from s) and comparing this value with an expected value for authenticating the second terminal 
(see Tf [0158]; figure 4; verification is effected correctly when values V and V coincide), they 
neither teach nor suggest an identification test library to compare the received identification code 
with an expected identification code. This distinct feature explicitly recited in independent 
claims 21, 23, and 24 renders claims 21 and 22; 23; and 24 allowable, respectively. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 

Telephone Inquiry Contacts 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Justin T. Darrow whose telephone number is (703) 305-3872 and 
whose electronic mail address is justin.darrow@uspto.gov. The examiner can normally be 
reached Monday-Friday from 8:30 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr., can be reached at (703) 305-1830. 
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The fax number for Formal or Official faxes to Technology Center 2100 is (703) 872- 
9306. In order for a formal paper transmitted by fax to be entered into the application file, the 
paper and/or fax cover sheet must be signed by a representative for the applicant. Faxed formal 
papers for application file entry, such as amendments adding claims, extensions of time, and 
statutory disclaimers for which fees must be charged before entry, must be transmitted with an 
authorization to charge a deposit account to cover such fees. It is also recommended that the 
cover sheet for the fax of a formal paper have printed "OFFICIAL FAX". Formal papers 
transmitted by fax usually require three business days for entry into the application file and 
consideration by the examiner. Formal or Official faxes including amendments after final 
rejection (37 CFR 1.116) should be submitted to (703) 872-9306 for expedited entry into the 
application file. It is further recommended that the cover sheet for the fax containing an 
amendment after final rejection have printed not only "OFFICIAL FAX" but also 
"AMENDMENT AFTER FINAL". 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the Group receptionist whose telephone number is (703) 305-3900. 
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